Newsletter

March 2019 Container Newsletter.

Hello from all of us here at Sysdig! This month we are especially happy to announce the new eBPF instrumentation support for Sysdig and Falco along with lots of exciting news in the container space.

So here it is again: a monthly newsletter to share the latest happenings in the container ecosystem across vendors and open source projects like Docker, Kubernetes, DC/OS Mesos, OpenShift, etc.

We hope you enjoy this! Ping us at @sysdig or on our open source Sysdig Slack group to share anything you feel should be included in future newsletters; we are looking forward to your contributions! You can also find previous newsletter editions in the Container Newsletter archive.


SECURITY

The state of open source security – 2019

Our friends at Snyk have compiled a yearly overview of the state of open source security including stats and trends. Don’t miss the container security section.

Introducing Anchore policy hub

Using the policy mechanisms of Anchore, users can define different checks, whitelists, and mappings. The Anchore policy hub will provide a public policy repository for the community.

Kubernetes Pod Security Policy with kube-psp-advisor

Kube-psp-advisor is a tool to automate and enable a Kubernetes Pod Security Policy across your cluster, allowing you to define adaptive and fine-grained security policies.

Docker and Kubernetes in high security environments

A brief summary of a master’s thesis on containerized application isolation based on a real set of production requisites, with the Swedish Police Authority as the target client.

SYSDIG

Announcing Sysdig Secure 2.3

Sysdig Secure 2.3 is heavily invested in hardening the compliance posture of Kubernetes, Docker configurations, and container images following the NIST 800-190 and PCI frameworks.

Sysdig and Falco now powered by eBPF

Sysdig now supports eBPF as an alternative to our Sysdig kernel module-based architecture. We are excited to share more details about our integration and the inner workings of eBPF.

The art of writing eBPF programs

Continuing with the same theme, we want to break down the process of writing eBPF programs for you. Our eBPF exercises are entirely driven by examples; try this at home!

Sysdig and IBM to collaborate on IBM Cloud

At IBM Think 2019, we announced our joint effort with IBM to support the Sysdig Cloud-Native Intelligence Platform on IBM Cloud Private and IBM Multicloud Manager.

Join our latest security session “4 best practices to meet compliance requirements in Kubernetes environments”.

You can see other upcoming Sysdig sessions here.

KUBERNETES

Managing Kubernetes with Kapitan

Kapitan is a tool to template files, originally created to manage Kubernetes-based deployments. Take your first steps with the tool by running the linked Katacoda course! Nice one.

K3S, lightweight Kubernetes

A bold proposal by Rancher Labs, K3S is a fully compliant production-grade Kubernetes, trimmed down to just a binary file under 40 MB and optimized for small hardware appliances.

Mastering the kubeconfig file

If you interact with Kubernetes on a daily basis, mastering the caveats and advanced details of your kubeconfig file will boost your efficiency, optimizing tasks like switching cluster contexts.

Migrating from ECS to EKS

AskAttest engineering embarked on a Kubernetes cluster migration from ECS to EKS. Linkerd helped smooth the transition by connecting services running in different clusters.

Pimp my Kubernetes shell

Have you ever been staring at the terminal but don’t remember which Kubernetes cluster it is set up for? Multiple terminal windows for multiple Kubernetes clusters? Let’s fix it already.

Kubernetes storage performance comparison

There are plenty of storage solutions to choose from when you configure Kubernetes. Look at this basic performance comparison between the most common storage technologies.

Prioritize workloads in overcommitted clusters

Kubernetes Horizontal Pod Autoscaler enables automated pod scaling, which is nice, but can lead to unpredictable load on the cluster. How to prioritize which workloads need to run?

Viewing logs in Kubernetes

A useful cheatsheet covering the different arguments, filters and selectors available for the “kubectl logs” subcommand.

How to choose your Kubernetes ingress controller

We have discussed how to deploy different Kubernetes ingress controllers before, but do you know which one best suits your requirements and current deployment?

DOCKER

Top 5 features of Docker engine v18.09.1

This new release of the Docker engine brings exciting features like process isolation in Windows 10, access to the Docker daemon via SSH, and Docker Compose on Kubernetes.

Docker stack deploy: update configs and secrets

In Swarm mode, configs and secrets are immutable objects with unique names, and there is no way to mutate their contents. There is a simple fix to this limitation following these steps.

Bash functions as a service

Serverless and FaaS (Functions as a Service) have been hot topics over the last few months. What about using Docker to encapsulate Bash functions and learning FaaS in the process?

Data in Docker

Volumes can be used to persist data in Docker. Here is a cheatsheet with all the commands that you need to create, inspect or delete a volume, along with useful tips and caveats.

OPENSHIFT & MESOS

OpenShift 4: A NoOps platform

OpenShift 4 is coming, and one of the main goals behind it is to hide or minimize the operational burden from the developer (No Ops). What distinguishes OpenShift 4 from its predecessors?

OpenShift 4 install experience

One of the first experiences that you will probably have with the new platform is, of course, the installation. Conveniently, the OpenShift 4 platform comes with a new installation tool.

How and why OpenShift 4.0 is changing its deployment topology

Red Hat OpenShift Container Platform is changing the way that clusters are installed, and the way those resulting clusters are structured. Learn the rationale behind this change.

Announcing Kudo – A declarative approach to Kubernetes operators

Kudo (formerly named Maestro) provides a declarative approach to building production-grade Kubernetes Operators covering the entire application lifecycle, including “day 2” operations.